CVE-2023-23779
Published 2023-02-16
Priority: P2 · 59 · high
CVSS 3.1: 8.8 (high) · vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.32% (67.4th percentile)
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
Affected (9 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiweb | 6.3.6 – 6.3.19 | — |
| fortinet | fortiweb | 6.4.0 – 6.4.2 | — |
| fortinet | fortiweb | 7.0.0 – 7.0.1 | — |

The remaining six of the nine ranges in the source carry no version or fix data and are omitted from the table.
Detection & IOCs (extracted from sources)
- Monitor for OS command injection attempts via crafted HTTP request parameters targeting FortiWeb management interfaces, particularly from authenticated sessions.
- The vulnerability affects FortiWeb version 7.0.1 and below, 6.4 all versions, and 6.3.19 and below; verify that the deployed version falls outside these ranges after patching.
- The attack requires authentication; prioritize monitoring and hardening of authenticated user sessions, and restrict administrative access to FortiWeb management interfaces.
Sources

GHSA-pm7r-g7w6-hqj3 (GitHub Advisory Database, unreviewed) · 2023-02-16 · severity HIGH · CWE-78
Title: Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb. The description is identical to the CVE text above.

Fortinet PSIRT advisory FG-IR-22-133 · 2023-02-16 · vendor CVSS 6.8 (medium) · CWE-78 · affected product: FortiWeb
The description is identical to the CVE text above. Note that the vendor's CVSS score (6.8, medium) is lower than the 8.8 (high) score shown at the top of this page.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.